package com;

import java.io.InputStream;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;

public class Demo05 {
    public static void main(String[] args) throws Exception {
        // 加载MySQL数据库驱动
        Class.forName("com.mysql.jdbc.Driver");
        // 定义数据库连接信息
        String url = "jdbc:mysql://125.74.233.192:3306/fruitdb?characterEncoding=utf-8";
        String user = "root";
        String password = "123456";
        // 建立数据库连接
        Connection connection = DriverManager.getConnection(url, user, password);
        System.out.println("connection = " + connection);
        // 定义查询条件
        String fname = "西瓜' or 1=1 or fname='";
        String sql = "select * from t_fruit where fname = '" + fname + "'";
        System.out.println("sql = " + sql);
        // 创建Statement对象
        Statement statement = connection.createStatement();
        // 执行查询语句
        ResultSet resultSet = statement.executeQuery(sql);
        // 处理查询结果
        if (resultSet.next()) {
            // 获取第一列的整数值
            System.out.println(resultSet.getInt(1));
            // 获取"fname"列的字符串值
            System.out.println(resultSet.getString("fname"));
            // 获取第三列的整数值
            System.out.println(resultSet.getInt(3));
            // 获取"fcount"列的整数值
            System.out.println(resultSet.getInt("fcount"));
            // 获取"remark"列的字符串值
            System.out.println(resultSet.getString("remark"));
        }

    }
}
